Critical Vulnerability in Cline Kanban Exposes AI Coding Agents to Hijacking

Critical Vulnerability in Cline Kanban Exposes AI Coding Agents to Hijacking

First seen 7 May 2026, 14:55 UTC Infosecurity-Magazinewww.oasis.securityGbhackersCybersecuritynews 90% similarity 75.0

Article Content

Browse articles
ThreatCluster

A critical vulnerability (CVSS 9.7) in the Cline Kanban server allows any website a developer visits to silently exfiltrate workspace data and inject commands into the AI agent's terminal. This flaw affects version 0.1.59 of the Kanban npm package and arises from missing origin validation and authentication on WebSocket endpoints. The attack can occur without any user interaction, as malicious JavaScript on any webpage can exploit the vulnerability. This issue affects all developers using Cline's Kanban feature, potentially exposing sensitive data and allowing unauthorized command execution. Oasis Security reported the vulnerability to Cline, which has since released a patch in version 0.1.66. The incident highlights a broader systemic issue with localhost trust boundaries in AI coding platforms.

Key Points: • Cline Kanban server vulnerability allows remote command injection via WebSocket. • Affected version is 0.1.59; patch available in version 0.1.66. • No user interaction required for exploitation, posing a significant risk to developers.

ThreatCluster AI

Timeline

2026-05-07
Vulnerability disclosed
Oasis Security published findings on a critical flaw in Cline Kanban affecting version 0.1.59, allowing unauthorized access.
Infosecurity-Magazine
2026-05-07
Patch released
Cline released version 0.1.66 to address the critical vulnerability identified by Oasis Security.
Oasis Security

Community

Browse all →